package com.groupbuying.generator.utils;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.regex.Pattern;

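/**
 * Blacklist check for strings that look like they carry SQL syntax.
 *
 * <p>The check is a single regular expression (see {@link #SQL_TOKEN_REGEX}) and is a
 * heuristic only: it rejects any input containing a quote, a {@code --} or block comment,
 * or one of a fixed list of whole-word keywords. Because the keyword list includes
 * {@code and}, {@code or}, {@code count} and {@code char}, ordinary free text such as
 * "fish and chips" is rejected too, and inputs that express the same intent without
 * one of the listed tokens are not. It does not replace parameterized statements
 * ({@code PreparedStatement} with {@code ?} placeholders), which remain the actual
 * defence against SQL injection; treat a {@code false} result as a signal to log and
 * reject, not as proof that a {@code true} result is safe to concatenate into SQL.
 *
 * <p>Thread-safe: the compiled {@link Pattern} is immutable and each call creates its
 * own {@code Matcher}.
 */
public class SqlInjectionReg {

    private static final Logger logger = LoggerFactory.getLogger(SqlInjectionReg.class);

    // Three alternatives, OR-ed together:
    //   1. a single quote, or a "--" line-comment introducer;
    //   2. a block comment "/* ... */" — DOTALL below lets '.' span newlines, which replaces
    //      the original (?:.|[\n\r])*? construction with the same meaning;
    //   3. one of the listed keywords as a whole word — the \b anchors mean "select" matches
    //      but "1select" does not.
    // "truncate" was previously misspelled "trancate" and therefore never matched; the
    // duplicate "into" entry has been dropped.
    private static final String SQL_TOKEN_REGEX = "(?:')|(?:--)|(?:/\\*.*?\\*/)|"
            + "(?:\\b(?:select|update|union|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b)";

    // Compiled once; CASE_INSENSITIVE is ASCII-only (no UNICODE_CASE), as in the original.
    private static final Pattern SQL_PATTERN =
            Pattern.compile(SQL_TOKEN_REGEX, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    /**
     * Returns whether {@code str} is free of the blacklisted SQL tokens.
     *
     * <p>A {@code null} input has nothing to inspect and is reported as valid rather than
     * throwing a {@code NullPointerException}, so absent request parameters do not turn
     * into server errors.
     *
     * @param str the untrusted input to inspect; may be {@code null}
     * @return {@code true} if no blacklisted token was found, {@code false} otherwise
     *         (the rejected input is also logged at ERROR level)
     */
    public static boolean isValid(String str) {
        if (str == null) {
            return true;
        }
        if (SQL_PATTERN.matcher(str).find()) {
            // The rejected value is untrusted and is written to the log: collapse CR/LF
            // so a crafted input cannot forge additional log lines.
            logger.error("未能通过过滤器：str = {}", str.replaceAll("[\\r\\n]", " "));
            return false;
        }
        return true;
    }

}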
